Bumped Tested up to: to 7.0 to match the current WordPress release. Required by the wp.org automated scanner (the 0.9.5 submission was held with outdated_tested_upto_header). No code changes; metadata only.
0.9.5
Renamed all AutoRankMe_* PHP classes to Autorankme_* per wp.org review feedback (R/T3 17May26). The CamelCase form was being parsed by the review tool as two separate snake-case prefixes (autorankme and auto_rank_me) which counted as a prefix-consistency violation. Unifying the casing produces a single autorankme_* snake-case prefix across all 27 classes — matching the prefix already used by every function, constant, option key, and namespace in the plugin. Behavior is unchanged; this is a code-style normalization with no functional impact.
0.9.4
Security: optimize_content_images (a the_content filter callback in class-cwv-optimizer.php) now parses each <img> attribute into name/value pairs and applies contextual escaping (esc_url() for src/longdesc/usemap, esc_attr() for everything else) before re-emitting the tag. The previous implementation concatenated the raw captured attribute substring back into the returned HTML — wp.org Plugin Review (R/8May26/T2 14May26) flagged this because filter return values are rendered as page output. Inline event handlers (on*) and style are also dropped during the rebuild as defense in depth.
Code clarity: added an inline comment at class-cache-flusher.php:77 explaining that do_action(‘swcfpc_purge_cache’) is a deliberate integration with the third-party “Super Page Cache for Cloudflare” plugin’s public action hook — not a missing prefix on our own code.
0.9.2
Renamed ARM_Plugin class to Autorankme_Plugin per wp.org review feedback. The previous 3-letter prefix wasn’t unique enough; the new name aligns with the AutoRankMe_* prefix used by every other class in the plugin.
0.9.1
Removed self-hosted plugin updater (includes/class-updater.php) and its hooks. Updates for WP.org-hosted installs are handled by the official WordPress.org update system; the self-hosted updater was only relevant during pre-submission distribution.
0.9.0
WP.org pre-review compliance pass:
Removed promotional / comparative claims from short description
Added contributor tomaya8wp
Added == External services == section documenting AutoRankMe API and Loremflickr usage with terms/privacy links
Replaced raw <style> echo in CWV optimizer with wp_register_style + wp_add_inline_style enqueue path
Sanitized all $_SERVER reads (HTTP_USER_AGENT, HTTP_HOST, REQUEST_URI, HTTP_REFERER, HTTPS) in 404 tracker and auto-redirect
Hardened JSON-LD schema output against </script> breakout via wp_json_encode( JSON_HEX_TAG | JSON_HEX_AMP )
0.8.9
resolve_post_id_from_url now falls back across ALL public post types (was post + page only) — fixes URL-based fix-apply on sites with custom post types like online_casinos, review, product
Homepage URLs (“/”) now resolve to the static front page id when configured
0.8.8
fix_multiple_h1 now treats the implicit theme-rendered H1 (post title) as a duplicate when post_content holds exactly one H1 — that body H1 is demoted to H2
Closes the audit-vs-plugin DOM gap where ARM’s audit saw 2 H1s on the rendered page but the plugin saw 1 in post_content and refused with “no duplicates to fix”
0.8.7
New surgical fix actions: set_canonical, set_og_tags, set_lang, remove_noindex
set_lang updates site-wide via the language_attributes filter (option-driven)
All actions write to ARM-native fallback meta keys + Yoast/RankMath equivalents
0.8.6
New render-time meta injector — emits , OG tags, and canonical on wp_head when no other SEO plugin (Yoast, RankMath, SEOPress, AIOSEO, The SEO Framework) is active
Fix actions now also write to ARM-native fallback meta keys so the injector can find values on fresh installs without third-party SEO plugins
Closes the silent-success gap where fixes wrote to Yoast/RankMath keys that nothing was reading on plugin-only sites
0.8.5
fix_skipped_heading now treats the implicit theme-rendered H1 (post title) as the heading-sequence floor
Body heading sequences starting at H3+ are correctly demoted to H2 (was previously a no-op when post_content held only one body heading)
No data-collection or API surface changes
0.8.4
New surgical fix action: fix_skipped_heading — walks h1..h6 in document order and demotes any heading that skips a level (e.g. h1→h4 becomes h1→h2)
Conservative: never promotes, preserves attributes + inner markup
No data-collection or API surface changes
0.8.3
/fix endpoint now accepts page_url as an alternative to post_id (resolves via url_to_postid + slug fallback)
Required for plugin-only sites where ARM has no separate way to look up post IDs
No data-collection or API surface changes
0.8.2
Plugin-created posts now have a real post_author (was empty because token auth doesn’t carry a WP user)
Captures the admin who connected the token; falls back to first administrator/editor on already-installed sites
No data-collection or API surface changes
0.8.1
Publisher now honors category (single name) and tags (array of names) from the publish payload
Resolves or creates the term server-side, then assigns it to the post — fixes posts landing in “Uncategorized”
No data-collection or API surface changes
0.8.0
WordPress.org plugin directory submission release
Synced readme stable tag with plugin header version
Added explicit Privacy section disclosing all data sent to autorankme-api.onrender.com
Added Third-Party Services section disclosing the AutoRankMe API as the only external dependency
Confirmed compatibility with WordPress 6.9.x
0.7.0
Initial WP.org submission preparation
Full readme.txt with changelog, FAQ, screenshots
0.6.0
Phase 6A: Render-time scanner — audits pages the way Google sees them
